NOTICE: ZIP archived filename length checks in Sanitizer

2006-09-09 22:24:47

A BO vulnerability has been announced in the DUNZIP32.dll zipfile
library used by many commercial programs, including Lotus Notes and
Real Audio player.

In an attempt to mitigate this vulnerability, archived filename length
checks have been added to the development version of the Procmail
Email Sanitizer, and a patch to add these checks to recent stable
releases is also available.

The patch is available at:

The development version of the sanitizer is available at:

The sanitizer home page is:

 John Hardin KA7OHZ    ICQ#15735746
 jhardin(_at_)impsec(_dot_)org    FALaholic #11174    pgpk -a 
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  It is not the business of government to make men virtuous or
  religious, or to preserve the fool from the consequences of his own
  folly.                                              -- Henry George
 8 days until The 219th anniversary of the signing of the U.S. Constitution
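
The kind of archived-filename length check the notice describes, as an added example that is not taken from the Sanitizer or its patch. It reads the declared filename length straight from the ZIP local and central-directory headers; the 256-byte limit and the function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import struct
import zipfile

MAX_NAME_LEN = 256  # assumed policy limit, not the Sanitizer's actual value

# kind -> (signature, offset of the 2-byte filename-length field, fixed header size)
HEADERS = {
    "local": (b"PK\x03\x04", 26, 30),
    "central": (b"PK\x01\x02", 28, 46),
}

def long_zip_names(data, max_len=MAX_NAME_LEN):
    """Return (kind, offset, declared_len) for every header whose declared
    filename length exceeds max_len or runs past the end of the data."""
    findings = []
    for kind, (sig, len_off, hdr_size) in HEADERS.items():
        # Signature scan: may also match inside file data, which only makes
        # the check stricter; it never trusts the archive's own directory.
        pos = data.find(sig)
        while pos != -1:
            if pos + hdr_size <= len(data):
                (name_len,) = struct.unpack_from("<H", data, pos + len_off)
                if name_len > max_len or pos + hdr_size + name_len > len(data):
                    findings.append((kind, pos, name_len))
            pos = data.find(sig, pos + 4)
    return findings

def build_sample(names):
    """Constructed sample: in-memory ZIP with one tiny stored file per name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()

if __name__ == "__main__":
    ok = build_sample(["readme.txt"])
    bad = build_sample(["readme.txt", "A" * 300 + ".txt"])
    print(long_zip_names(ok))
    print(long_zip_names(bad))
```

A mail filter using such a check would quarantine or defang the attachment whenever the returned list is non-empty, before any unzip library parses it.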
